13/01/2013

wordpress : protect file download to registered users only

Ouch :) This article was published 12 years ago - might be out of date, check out stuff or leave comment

In this article we will explore a set of code hooks into the worpdress customization framework. The aim of this technique si to hide pdf documents from search engines and non connected users,  and to present them with a custom  login page if not connected, that would redirect directly to the file download after identification (login) via this custom login page.

  • STEP1:  block pages for non registered users
    • to block a page from non registered users, page editor must set a custom field "block" set to 1.
  • present non registered users with form on protected pages
    • we filter the content (the_content)   and return a login form if user is not connected for pages. the login form is included in a specific file po_login_form
  • create specific pdf download link for first page attached PDF, with docid as get variable
    • on your page template, use a query to find your pdf (page attachment) object, once you have that pdf object you can use it to make your url depending on the login status: 
if (is_user_logged_in()) $urlPDF=$pdf->guid; else $urlPDF="/utilisateurs/identification/?docid=" . $pdf->ID;
  • redirect to file if get variable is set
    • add the po_redirect_after_login function the init filter. This function will test the docid   get variable, find  the corresponding pdf attachment and redirect to this attachment url if found and user is logged in, otherwise does nothing and lets the_content filter do its job presenting the login form.
To top